'Cross-Site Scripting Detected' error when creating a new case in eDiscovery

book

Article ID: 100061628

calendar_today

Updated On:

Description

Error Message

The screenshot and error below were obtained from a non-production test lab.

Error 1 - User interface pop-up.
Cross-Site Scripting Detected

Error 2 - Server.yyyy-mm-dd.log
ERROR [ui.servlet.XSSFilter] (https-...-443-exec-21-superuser:[]) CaseName:[] UserName:[superuser-X] [#60016] XSS Content Detected in request parameter: matterDescription containing string: < or >

Cause

The use of angle brackets/carets is not allowed in the Case Description field in the version listed above.

Resolution

Remove the angle brackets/carets from the Case Description field, then click the Save button to save the required case.

This issue is currently under investigation by Veritas Technologies LLC. Pending the outcome of the investigation, this issue may be resolved by way of a patch or hotfix in current or future revisions of the software. However, this particular issue is not currently scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Veritas Sales representative or the Veritas Sales group to discuss these concerns.

Note: Customers experiencing this issue are encouraged to contact Veritas Technical Support as data is still being collected to assist in resolving this issue.

Issue/Introduction

Unable to create a new case when the Description contains angle brackets or carets: such as < or >. A pop-up will appear in the user interface with the error listed below in Error 1 and the case fails to be created. The server log of the Case Home tab will list the error as in Error 2 below. At the time this article was published, this issue was seen in versions 10.2.0 & 10.2.3.

Additional Information

JIRA: ESA-65168

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"